Virtual Machines and Security Paola Stone Martinez East Carolina University November, 2013.

Keywords: virtualization, virtual machine, security.

1. Virtualization

The rapid growth of technologies nowadays demands a high availability of equipment. One affected area is the Information Technology (IT) field, where the continuous development of new software is not backed up by hardware improvements. In the IT field it is very common to find that companies have equipment with great physical capabilities that is not being used to its maximum. Individual server machines often run at 5-10% CPU utilization. By using virtualization, various virtual servers can be consolidated within a single physical server while still allowing independent configuration and failure isolation [1]. These are some of the reasons why virtualization has become very popular, and why more companies and individuals are opting for its use.

Virtualization is a technology that separates hardware (physical host) from software (operating system). It allows users to use different virtual machines running different operating systems on a single physical computer [2]. The National Institute of Standards and Technology (NIST) defines virtualization as the simulation of the software and/or hardware upon which other software runs. According to NIST, there are two forms of virtualization, application virtualization and operating system virtualization, depending on the computing architecture layer where it runs. For the purpose of this paper, the definition used for virtualization is the one that NIST has named full virtualization, where one or more operating systems and the applications they contain are run on top of virtual hardware. Each instance of an operating system and its applications runs in a separate virtual machine called a guest operating system [3].

1.1 What are Virtual Machines?

There are different definitions of what a virtual machine is. One of the most used is the one presented by VMware, one of the leading companies in virtualization. The definition given is: A virtual machine is a computer that is created by software that, like a physical computer, runs an operating system and applications. Each virtual machine contains its own virtual hardware including CPU, memory, hard disk, and network interface card, which look like physical hardware to the operating system and applications [2]. Virtual machines or guest operating systems can be encapsulated and moved from one physical host to another [3].

On a normally configured computer, the operating system detects and runs processes as needed to use the different physical components of the equipment. On computers configured to run virtual machines, the host interacts with hardware through software called the virtualization layer or hypervisor. The hypervisor provides independence to virtual machines as well as resource allocation [2], [4].

1.2 Advantages and disadvantages of using Virtual Machines

The advantages and disadvantages of using virtual machines instead of individually configured hosts are many, and they depend on the type of environment in which the virtual machines are created as well as the purpose of their use.

One of the most common motivations for companies to start using virtual machines is to improve their efficiency by using existing hardware, as well as new hardware, to create new virtual machines and use the physical capabilities of the system as much as possible. Companies also benefit by using operating systems as needed by different applications: different virtual machines with different operating systems can run on the same computer and be used as needed. Nowadays, people are also using virtual machines as a way to keep using legacy applications that are not compatible with newer hardware. This is becoming more common because of the use of web browsers for different purposes [3].

More technical advantages can also be found in the use of virtual machines. Some of these are cited below [2], [5]:

- Easy provisioning and fast scalability: a base model of a virtual machine can be created, and from this all new virtual machines can be cloned. This offers homogeneity and at the same time makes the process of creating new virtual machines easier and quicker.
- Easy to relocate: virtual machines are a collection of files that can be saved and moved between different physical hosts. They are independent of the physical parts of the system. As long as all needed files are saved, users will be able to start the virtual machine on a different host.
- Easy to manage: virtual machines running on a single physical host do not know about or detect the presence of the other virtual machines installed on the host. They are totally independent of each other. Also, if physical changes need to be made to the physical host, they do not affect the virtual machines, which are insulated from hardware changes. This said, if one virtual machine breaks, the other ones keep working without being affected by the failure.
- Provides the ability to support legacy applications: virtual machines can be created with different capabilities and hardware needs, which allows users to recreate the system needed to run legacy applications.
- Allows servers to be consolidated: having the option to use one piece of physical equipment to host more than one guest operating system benefits users in different ways, such as the use of hardware, space and resources. This capability makes it easier to recover from a disaster, improving uptime and reducing recovery time.

The disadvantages of virtual machines are various, but they also depend on the environment in which they are being used and the purpose of their use. The NIST summarizes these disadvantages in the following paragraph:

Full virtualization has some negative security implications. Virtualization adds layers of technology, which can increase the security management burden by necessitating additional security controls. Also, combining many systems onto a single physical computer can cause a larger impact if a security compromise occurs. Further, some virtualization systems make it easy to share information between the systems; this convenience can turn out to be an attack vector if it is not carefully controlled. In some cases, virtualized environments are quite dynamic, which makes creating and maintaining the necessary security boundaries more complex [3].

In high-performance environments, virtualization is used for very specific cases. Some of the challenges are as follows [6]:

- Overhead: because of the privileged operations from all the virtual machines, the virtual machine monitor has to register all processes and request each one. This disadvantage is mainly visible in environments where I/O operations are constant.
- Memory consumption: the physical memory available on the host is distributed between all virtual machines running on a physical host. If there are continuous operations, the memory needed for them might not be available.
- Efficiency: high-performance environments need to have management software with which systems with low overhead can be shut down.

In environments where virtual machines are the main component and form a network of available hosts, this is called a cluster. These environments have a specific number of physical hosts to support all the needed virtual machines. Here, the main disadvantage of using virtual machines is that one physical host holds two or more virtual hosts that are being used for different purposes but that depend on the hardware of one physical host. In order to alleviate this problem, it is necessary to have redundancy. The redundancy should be physical and logical as well. If the virtual management software detects that a host is having problems running the virtual machines installed on it, it should be able to migrate those virtual machines to a different host without impacting the performance and uptime of the environment. If downtime is needed, it has to be as low as possible [7].

From the information presented above, we can say that the advantages and disadvantages of using virtual machines depend on the environment in which they are being used as well as the purpose of their use.

One advantage that I believe has been left aside, and that to me is very important, is the use of virtual machines for educational purposes. Students do not need to have a totally hardware dedicated computer to learn and do basic procedures. When I was learning about different operating systems, it was very nice to know that I could just log in to different virtual machines and I would be able to work on a totally different operating system. If I broke one of them, creating a new virtual machine was easy and did not take more than a few minutes. I believe that virtual machines are very helpful in the education field.

2. Security Vulnerabilities on Virtual Machines

Despite all the benefits offered by virtual machines and their technology, these new capabilities have also raised security issues because of the way virtualization is implemented. Specific characteristics of virtual machines and the associated security issues are described as follows [8]:

- Scaling: it is easy to deploy virtual machines by cloning existing ones or even by using a base model. This characteristic needs the security policies of the network to be flexible in order to handle the quick growth of hosts in the network.
- Transience: because virtual machines can be added to and removed from the network, it can be hard to have a stable network infrastructure. If an infection is detected on a network, it is hard to ensure that all infected computers have been removed. Also, if the infection was identified and vulnerable computers were patched for protection, it is possible that new virtual machines do not have the patch, are still vulnerable, and restart the infection process.
- Software lifecycle: because virtual machines can be restored to different checkpoints, an updated virtual machine with protection against current vulnerabilities can lose that protection by being restored to a previous checkpoint.
- Diversity: in companies, usually the same image is used for all systems. If one virtual machine is successfully attacked, all of them can be affected by using the same process.
- Mobility: virtual machines are composed of different files that can be saved and installed on different hosts. When this is done, it is assumed that all other hosts where that virtual machine has been installed are protected and that they are no danger to the network.
- Identity: this is usually associated with the MAC address on physical hosts. Since virtual machines can be moved from host to host, it is difficult to keep track of them or associate them with a specific physical host.

The NIST lists three main ways to improve security on virtual environments. These are basic actions that can protect systems. They are [3], [10]:

- Secure all elements of a full virtualization solution and maintain their security. It is important for organizations whose environments are virtualized to secure all the physical components as well as the logical ones. Keeping software up to date with security patches, using secure configuration baselines, and using host-based firewalls, antivirus software, or other appropriate mechanisms to detect and stop attacks is vital to having a secure infrastructure. Companies should have the same level of protection for all environments, physical or virtual.
- Restrict and protect administrator access to the virtualization solution. Access to the virtualization management system should be restricted to authorized administrators only. Some virtualization products offer multiple ways to manage hypervisors, so organizations should secure each management interface, whether locally or remotely accessible.
- Ensure that the hypervisor is properly secured. The hypervisor software should be protected like any other software, for example with updates, but it also needs physical security. In virtualized environments, it is important to disable any piece of hardware that is not being used by any of the virtual machines running on the physical host.
- Carefully plan the security for a full virtualization solution before installing, configuring, and deploying it. As in any new environment implementation, planning plays a very important role when transforming physical environments into virtual ones. It will help to make sure all resources are being used and that the virtual machines work as expected.

3. Security Tools on Virtual Machines

Because of the specific characteristics of virtual machines, some tools have been developed to offer better security options for users of virtual machines. These options are [9]:

- VM-Based Intrusion Detection Systems: these are built on three virtual machine capabilities: isolation, inspection, and interposition. Examples of this are:
  1. Livewire, which enforces security policies on guest virtual machines. It has two main components: the OS Interface Library and the Policy Engine. The OS Interface Library provides an OS-level view of the target virtual machine by interpreting the hardware state on the VMM. This component is important because VMMs manage state strictly at the hardware level. The Policy Engine is the heart of Livewire. This component obtains events from the VMM interface and the OS Interface Library, and decides whether or not the system has been compromised.
  2. Siren, which helps to detect malicious software operating within a guest virtual machine that is trying to send packets to other hosts on the network.
- VM-Based Intrusion Prevention Systems: the purpose of this type of system is to protect virtual machines from attackers. Examples of this are:
  1. SVFS is a secure virtual file system that protects important files even when the operating system is infected. When suspect software runs, SVFS makes a copy of shared files on the host in order to protect them from disruptive activities.
  2. NetTop bases its operation on the isolation property of virtual machines. NetTop runs two dedicated virtual machines, one to perform encryption using IPSec and one filtering router machine. These two VMs enforce strict security policies that prevent network traffic flowing between networks of different classifications.
  3. IntroVirt uses virtual-machine introspection to monitor application and operating system execution in a guest virtual machine.
  4. sHype mediates access to hardware resources at a low level, eliminating the need to have multiple implementations for different operating systems. The downside of the sHype solution is that it cannot do anything to prevent resource starvation within a virtual machine.
- VM-Based Honeypots: virtual machines provide resource multiplexing, which makes it feasible to deploy more high-interaction honeypots on the same hardware. Furthermore, virtual machine technology allows more in-depth monitoring of malicious activities on honeypot machines without attackers being able to detect or disable monitoring software. Examples of honeypots are the Potemkin Virtual Honeyfarm and the Collapsar Honeypot Center.
- Terra: A Virtual Machine Based Trusted Computing Platform. It uses a trusted virtual machine monitor (TVMM) to partition resources between isolated virtual machines (VMs), thus providing the appearance of a dedicated physical machine for each virtual machine.
- ReVirt: A VM-Based Logging and Replaying System. It is a virtual machine based logging and replaying system that attempts to address the lack of integrity and completeness provided by traditional loggers.
- SubVirt: VM-Based Malicious Software. It poses significant challenges for designers of anti-malware protection programs. It exploits the isolation properties of virtual machines to achieve a new level of separation from the target operating system, making it very difficult to detect and remove.

4. Conclusion

Virtual machines offer a lot of benefits to us, but at the same time there are security considerations that need to be addressed in order to keep environments safe and stable. As expressed in the paper, one of the great benefits of virtual machines that I considered is the help they can offer to formal education establishments. In this situation, and since the use of them is very basic, security is not an important fact. When I used them, all virtual machines were in a totally different network in order to avoid any danger that affects the main network or other physical hosts. In this case I believe the security level was enough. In any other instance, it is important that users protect virtual machines as they would protect any physical computer. Even though it is easy to replace one virtual machine with another, there can be consequences associated with the fact that security was not done right. The paper presented different options with which virtual machines can be protected, so it is up to the IT specialists to decide which way is the best to protect the environment.
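Added example (not part of the original paper): the scaling, transience, software lifecycle and identity issues listed in Section 2 can be checked mechanically against a VM inventory, as the Python audit below shows. The record fields, patch ids, MAC addresses, dates and the 30-day absence threshold are all constructed assumptions, not data from any real product.

```python
"""Audit a VM inventory for the Section 2 issues (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Tuple


@dataclass
class VM:
    name: str
    mac: str
    created: date
    last_seen: date                                          # last time seen on the network
    patches: Dict[str, date] = field(default_factory=dict)   # patch id -> date applied
    # (date the checkpoint was taken, date it was restored), if a restore happened
    restore: Optional[Tuple[date, date]] = None

    def effective_patches(self) -> set:
        """Patches present in the disk state the VM is actually running."""
        if self.restore is None:
            return set(self.patches)
        taken, restored = self.restore
        # A restore discards everything installed after the checkpoint was taken;
        # only patches applied again after the restore count as present.
        return {p for p, applied in self.patches.items()
                if applied <= taken or applied >= restored}


def audit(vms: List[VM], required: Dict[str, date], today: date,
          max_absence_days: int = 30) -> Dict[str, List[str]]:
    """Return {vm name: [finding, ...]}; each finding starts with its Section 2 category."""
    findings = defaultdict(list)
    names_by_mac = defaultdict(list)
    for vm in vms:
        names_by_mac[vm.mac.lower()].append(vm.name)
        have = vm.effective_patches()
        for patch, released in sorted(required.items()):
            if patch in have:
                continue
            if patch in vm.patches:
                findings[vm.name].append(
                    f"software lifecycle: {patch} lost by restore to checkpoint of {vm.restore[0]}")
            elif vm.created > released:
                findings[vm.name].append(
                    f"scaling: created after {patch} was released, from an unpatched image")
            else:
                findings[vm.name].append(f"transience: {patch} never applied")
        absent = (today - vm.last_seen).days
        if absent > max_absence_days:
            findings[vm.name].append(
                f"transience: off the network for {absent} days, re-scan before reconnecting")
    # Clones that kept the MAC address of their source cannot be told apart by MAC.
    for mac, names in names_by_mac.items():
        if len(names) > 1:
            for name in names:
                others = ", ".join(n for n in names if n != name)
                findings[name].append(f"identity: MAC {mac} also used by {others}")
    return dict(findings)


# Constructed sample inventory and patch baseline.
TODAY = date(2013, 11, 20)
REQUIRED = {"PATCH-A": date(2013, 10, 1), "PATCH-B": date(2013, 11, 1)}
FULLY_PATCHED = {"PATCH-A": date(2013, 10, 3), "PATCH-B": date(2013, 11, 4)}
SAMPLE = [
    VM("web01", "00:50:56:00:00:01", date(2013, 1, 10), TODAY, dict(FULLY_PATCHED)),
    # Patched, then restored on 12 Nov to a checkpoint taken on 15 Oct.
    VM("db01", "00:50:56:00:00:02", date(2013, 2, 1), TODAY, dict(FULLY_PATCHED),
       restore=(date(2013, 10, 15), date(2013, 11, 12))),
    # Cloned from an old image after both patches were out; kept web01's MAC.
    VM("lab07", "00:50:56:00:00:01", date(2013, 11, 10), TODAY),
    # Powered off since early October, so it missed PATCH-B.
    VM("old03", "00:50:56:00:00:03", date(2013, 3, 1), date(2013, 10, 8),
       {"PATCH-A": date(2013, 10, 5)}),
]

if __name__ == "__main__":
    for vm_name, items in sorted(audit(SAMPLE, REQUIRED, TODAY).items()):
        for item in items:
            print(f"{vm_name}: {item}")
```
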

References

[1] Gupta, D., et al. Difference Engine: Harnessing Memory Redundancy in Virtual Machines. In Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation, Retrieved on November, 2013 https://www.usenix.org/legacy/event/osdi08/tech/full_papers/gupta/gupta.pdf
[2] VMware Education Services. VMware vSphere: Install, Configure, Manage. Lecture Manual Volume 1. VMware, Inc.,
[3] Scarfone, K., et al. Guide to Security for Full Virtualization. NIST Special Publication Technologies. Recommendations of the National Institute of Standards and Technology. Retrieved on November, /SP final.pdf
[4] VMware, Inc. VMware Server Virtual Machine Guide. Retrieved on November, manual.pdf
[5] Clark, C., et al. Keir Fraser, Steven Hand, Jacob Gorm Hansen. Live Migration of Virtual Machines. University of Copenhagen, Denmark. Retrieved on November, s/papers/2005-migration-nsdi-pre.pdf
[6] Huang, W., et al. A Case for High Performance Computing with Virtual Machines. Retrieved on November, oad?doi= &rep=rep1&type=pdf
[7] Le, M., et al. Resilient Virtual Clusters. Proceedings of 17th IEEE Pacific Rim International Symposium on Dependable Computing. Pasadena, California, December Retrieved on November, c11.pdf
[8] Garfinkel, T., & Rosenblum, M. When Virtual is Harder than Real: Security Challenges in Virtual Machine Based Computing Environments. Retrieved on November, 2013 https://www.usenix.org/legacy/event/hotos05/final_papers/full_papers/garfinkel/garfinkel.pdf
[9] Zhao, X., et al. Virtual Machine Security Systems. Department of EECS. University of Michigan. Retrieved on November, kafura/papers/virtualization/vmm-Security.pdf
[10] Studnia, I., et al. Survey of Security Problems in Cloud Computing Virtual Machines. Retrieved on November, esar_paper71-version_publiei_e.pdf


More information

365 Evans Suite 300 Toronto, Ontario M8Z 1K2 Phone: Fax:

365 Evans Suite 300 Toronto, Ontario M8Z 1K2 Phone: Fax: Course: Virtualization with VMware ESX and VirtualCenter Description: Price: $2,895.00 Category: VMware Duration: 5 days Schedule: Request Dates Outline: This class is a 5-day (optional 4-day) intense

More information

Issues in Information Systems Volume 16, Issue I, pp. 219-225, 2015

Issues in Information Systems Volume 16, Issue I, pp. 219-225, 2015 MOVING TOWARD A SERVER-BASED VIRTUAL MACHINE HOSTING ENVIRONMENT IN SUPPORT OF UNIVERSITY INFORMATION TECHNOLOGY PROGRAMMING COURSES George Stefanek, PhD, Purdue University North Central, stefanek@pnc.edu

More information

SECURITY IN OPERATING SYSTEM VIRTUALISATION

SECURITY IN OPERATING SYSTEM VIRTUALISATION SECURITY IN OPERATING SYSTEM VIRTUALISATION February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in

More information

5 Essential Characteristics of a Winning Virtualization Platform

5 Essential Characteristics of a Winning Virtualization Platform 5 Essential Characteristics of a Winning Virtualization Platform Table of Contents Contents...2 A Trusted Platform...3 Proven Technology...4 Integrated Management...5 Reliability...6 High Availability...8

More information

Distributed and Cloud Computing

Distributed and Cloud Computing Distributed and Cloud Computing K. Hwang, G. Fox and J. Dongarra Chapter 3: Virtual Machines and Virtualization of Clusters and datacenters Adapted from Kai Hwang University of Southern California March

More information

Implementing Security on virtualized network storage environment

Implementing Security on virtualized network storage environment International Journal of Education and Research Vol. 2 No. 4 April 2014 Implementing Security on virtualized network storage environment Benard O. Osero, David G. Mwathi Chuka University bosero@chuka.ac.ke

More information

Virtualization Impact on Compliance and Audit

Virtualization Impact on Compliance and Audit 2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance

More information

Introduction. Setup of Exchange in a VM. VMware Infrastructure

Introduction. Setup of Exchange in a VM. VMware Infrastructure Introduction VMware Infrastructure is deployed in data centers for deploying mission critical applications. Deployment of Microsoft Exchange is a very important task for the IT staff. Email system is an

More information

An overwhelming majority of IaaS clouds leverage virtualization for their foundation.

An overwhelming majority of IaaS clouds leverage virtualization for their foundation. 1 2 3 An overwhelming majority of IaaS clouds leverage virtualization for their foundation. 4 With the use of virtualization comes the use of a hypervisor. Normally, the hypervisor simply provisions resources

More information

The Challenges of Securing Hosting Hyper-V Multi-Tenant Environments

The Challenges of Securing Hosting Hyper-V Multi-Tenant Environments #1 Management and Security for Windows Server and Hyper-V The Challenges of Securing Hosting Hyper-V Multi-Tenant Environments by Brien M. Posey In the not too distant past, VMware was the hypervisor of

More information

Implementing and Managing Windows Server 2008 Hyper-V

Implementing and Managing Windows Server 2008 Hyper-V Course 6422A: Implementing and Managing Windows Server 2008 Hyper-V Length: 3 Days Language(s): English Audience(s): IT Professionals Level: 300 Technology: Windows Server 2008 Type: Course Delivery Method:

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Running vtserver in a Virtual Machine Environment. Technical Note. 2015 by AVTware

Running vtserver in a Virtual Machine Environment. Technical Note. 2015 by AVTware Running vtserver in a Virtual Machine Environment Technical Note 2015 by AVTware Table of Contents 1. Scope... 3 1.1. Introduction... 3 2. General Virtual Machine Considerations... 4 2.1. The Virtualization

More information

Virtual. The term virtual machine initially described a 1960s. The Reincarnation of FOCUS. Virtual. Machines

Virtual. The term virtual machine initially described a 1960s. The Reincarnation of FOCUS. Virtual. Machines The term virtual machine initially described a 1960s operating system concept: a software abstraction with the looks of a computer system s hardware (real machine). Forty years later, the term encompasses

More information

Put a Firewall in Your JVM Securing Java Applications!

Put a Firewall in Your JVM Securing Java Applications! Put a Firewall in Your JVM Securing Java Applications! Prateep Bandharangshi" Waratek Director of Client Security Solutions" @prateep" Hussein Badakhchani" Deutsche Bank Ag London Vice President" @husseinb"

More information

Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology

Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology 30406_VT_Brochure.indd 1 6/20/06 4:01:14 PM Preface Intel has developed a series of unique Solution Recipes designed

More information

A Project Summary: VMware ESX Server to Facilitate: Infrastructure Management Services Server Consolidation Storage & Testing with Production Servers

A Project Summary: VMware ESX Server to Facilitate: Infrastructure Management Services Server Consolidation Storage & Testing with Production Servers A Project Summary: VMware ESX Server to Facilitate: Infrastructure Management Services Server Consolidation Storage & Testing with Production Servers Srinivas P Reddy - 16 th March 2006 srinivasp@vensoft.com

More information

Virtualization. Dr. Yingwu Zhu

Virtualization. Dr. Yingwu Zhu Virtualization Dr. Yingwu Zhu What is virtualization? Virtualization allows one computer to do the job of multiple computers. Virtual environments let one computer host multiple operating systems at the

More information

Windows Server 2008 R2 Hyper-V Live Migration

Windows Server 2008 R2 Hyper-V Live Migration Windows Server 2008 R2 Hyper-V Live Migration Table of Contents Overview of Windows Server 2008 R2 Hyper-V Features... 3 Dynamic VM storage... 3 Enhanced Processor Support... 3 Enhanced Networking Support...

More information

Windows Server 2008 R2 Hyper-V Live Migration

Windows Server 2008 R2 Hyper-V Live Migration Windows Server 2008 R2 Hyper-V Live Migration Table of Contents Overview of Windows Server 2008 R2 Hyper V Features... 3 Dynamic VM storage... 3 Enhanced Processor Support... 3 Enhanced Networking Support...

More information

Virtualization across the organization

Virtualization across the organization Virtualization across the organization Server Virtualization Desktop Virtualization Application Virtualization Presentation Virtualization Consolidate workloads for more efficient resource utilization

More information

Solution Brief Availability and Recovery Options: Microsoft Exchange Solutions on VMware

Solution Brief Availability and Recovery Options: Microsoft Exchange Solutions on VMware Introduction By leveraging the inherent benefits of a virtualization based platform, a Microsoft Exchange Server 2007 deployment on VMware Infrastructure 3 offers a variety of availability and recovery

More information

Virtualization, SDN and NFV

Virtualization, SDN and NFV Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,

More information

CHAPTER 2 THEORETICAL FOUNDATION

CHAPTER 2 THEORETICAL FOUNDATION CHAPTER 2 THEORETICAL FOUNDATION 2.1 Theoretical Foundation Cloud computing has become the recent trends in nowadays computing technology world. In order to understand the concept of cloud, people should

More information

The Reincarnation of Virtual Machines

The Reincarnation of Virtual Machines The Reincarnation of Virtual Machines By Mendel Rosenblum Co-Founder of VMware Associate Professor, Computer Science Stanford University Abstract:VMware, Inc. has grown to be the industry leader in x86-based

More information

Performance Testing of a Cloud Service

Performance Testing of a Cloud Service Performance Testing of a Cloud Service Trilesh Bhurtun, Junior Consultant, Capacitas Ltd Capacitas 2012 1 Introduction Objectives Environment Tests and Results Issues Summary Agenda Capacitas 2012 2 1

More information

Analysis on Virtualization Technologies in Cloud

Analysis on Virtualization Technologies in Cloud Analysis on Virtualization Technologies in Cloud 1 V RaviTeja Kanakala, V.Krishna Reddy, K.Thirupathi Rao 1 Research Scholar, Department of CSE, KL University, Vaddeswaram, India I. Abstract Virtualization

More information

Server Virtualisation with VMware. Philipp Heckel, University of Mannheim, 4/12/08 1

Server Virtualisation with VMware. Philipp Heckel, University of Mannheim, 4/12/08 1 Server Virtualisation with VMware Philipp Heckel, University of Mannheim, 4/12/08 1 Virtualisation 1. Virtualisation Overview 2. Impact on Service Providers 3. Virtualisation Technology 4. VMware Infrastructure

More information

Server Virtualization A Game-Changer For SMB Customers

Server Virtualization A Game-Changer For SMB Customers Whitepaper Server Virtualization A Game-Changer For SMB Customers Introduction Everyone in the IT world has heard of server virtualization, and some stunning achievements by datacenter and Enterprise customers

More information

Overview... 2. Customer Login... 2. Main Page... 2. VM Management... 4. Creation... 4 Editing a Virtual Machine... 6

Overview... 2. Customer Login... 2. Main Page... 2. VM Management... 4. Creation... 4 Editing a Virtual Machine... 6 July 2013 Contents Overview... 2 Customer Login... 2 Main Page... 2 VM Management... 4 Creation... 4 Editing a Virtual Machine... 6 Disk Management... 7 Deletion... 7 Power On / Off... 8 Network Management...

More information

VDI can reduce costs, simplify systems and provide a less frustrating experience for users.

VDI can reduce costs, simplify systems and provide a less frustrating experience for users. 1 INFORMATION TECHNOLOGY GROUP VDI can reduce costs, simplify systems and provide a less frustrating experience for users. infor ation technology group 2 INFORMATION TECHNOLOGY GROUP CONTENTS Introduction...3

More information

Cloud Computing - Architecture, Applications and Advantages

Cloud Computing - Architecture, Applications and Advantages Cloud Computing - Architecture, Applications and Advantages 1 Arun Mani Tripathi 2 Rizwan Beg NIELIT Ministry of C&I.T., Govt. of India 2 Prof. and Head, Department 1 of Computer science and Engineering,Integral

More information

Best Practices for Virtualised SharePoint

Best Practices for Virtualised SharePoint Best Practices for Virtualised SharePoint Brendan Law Blaw@td.com.au @FlamerNZ Flamer.co.nz/spag/ Nathan Mercer Nathan.Mercer@microsoft.com @NathanM blogs.technet.com/nmercer/ Agenda Why Virtualise? Hardware

More information

VDI Security for Better Protection and Performance

VDI Security for Better Protection and Performance VDI Security for Better Protection and Performance Addressing security and infrastructure challenges in your VDI deployments Trend Micro, Incorporated» See why you need security designed for VDI environments

More information

Linstantiation of applications. Docker accelerate

Linstantiation of applications. Docker accelerate Industrial Science Impact Factor : 1.5015(UIF) ISSN 2347-5420 Volume - 1 Issue - 12 Aug - 2015 DOCKER CONTAINER 1 2 3 Sawale Bharati Shankar, Dhoble Manoj Ramchandra and Sawale Nitin Shankar images. ABSTRACT

More information

W H I T E P A P E R. VMware Infrastructure for BEA WebLogic Applications - Use Cases

W H I T E P A P E R. VMware Infrastructure for BEA WebLogic Applications - Use Cases W H I T E P A P E R VMware Infrastructure for Applications - Use Cases Table of Contents Introduction................................................................. 3 Overview.............................................

More information

GUEST OPERATING SYSTEM BASED PERFORMANCE COMPARISON OF VMWARE AND XEN HYPERVISOR

GUEST OPERATING SYSTEM BASED PERFORMANCE COMPARISON OF VMWARE AND XEN HYPERVISOR GUEST OPERATING SYSTEM BASED PERFORMANCE COMPARISON OF VMWARE AND XEN HYPERVISOR ANKIT KUMAR, SAVITA SHIWANI 1 M. Tech Scholar, Software Engineering, Suresh Gyan Vihar University, Rajasthan, India, Email:

More information

Keyword: Cloud computing, service model, deployment model, network layer security.

Keyword: Cloud computing, service model, deployment model, network layer security. Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging

More information

IMPLEMENTING THE NEW WINDOWS SERVER 2016 HYPER-V SHIELDED VM FEATURE FOR ISO 27001, PCI, AND FEDRAMP

IMPLEMENTING THE NEW WINDOWS SERVER 2016 HYPER-V SHIELDED VM FEATURE FOR ISO 27001, PCI, AND FEDRAMP IMPLEMENTING THE NEW WINDOWS SERVER 2016 HYPER-V SHIELDED VM FEATURE FOR ISO 27001, PCI, AND FEDRAMP North America Latin America Europe 877.224.8077 info@coalfire.com coalfire.com Coalfire sm and CoalfireOne

More information

Integrated System Continuity Solutions for Virtual System Consolidation

Integrated System Continuity Solutions for Virtual System Consolidation Integrated System Continuity Solutions for Virtual System Consolidation Introduction Virtualization and server consolidation address the needs of today s data center environment by taking a large step

More information

DeltaV Virtualization High Availability and Disaster Recovery

DeltaV Virtualization High Availability and Disaster Recovery DeltaV Distributed Control System Whitepaper October 2014 DeltaV Virtualization High Availability and Disaster Recovery This document describes High Availiability and Disaster Recovery features supported

More information

Server Virtualization with Windows Server Hyper-V and System Center

Server Virtualization with Windows Server Hyper-V and System Center Course 20409B: Server Virtualization with Windows Server Hyper-V and System Center Course Details Course Outline Module 1: Evaluating the Environment for Virtualization This module provides an overview

More information

What s New with VMware Virtual Infrastructure

What s New with VMware Virtual Infrastructure What s New with VMware Virtual Infrastructure Virtualization: Industry-Standard Way of Computing Early Adoption Mainstreaming Standardization Test & Development Server Consolidation Infrastructure Management

More information

Virtualization for Security

Virtualization for Security Virtualization for Security t j Including Sandboxing, Disaster Recovery, High Availability, Forensic Analysis, and Honeypotting John Hoopes Technical Editor Aaron Bawcom Paul Kenealy Wesley J. Noonan Craig

More information

Secure Virtualization in the Federal Government

Secure Virtualization in the Federal Government White Paper Secure Virtualization in the Federal Government Achieve efficiency while managing risk Table of Contents Ready, Fire, Aim? 3 McAfee Solutions for Virtualization 4 Securing virtual servers in

More information

Making Data Security The Foundation Of Your Virtualization Infrastructure

Making Data Security The Foundation Of Your Virtualization Infrastructure Making Data Security The Foundation Of Your Virtualization Infrastructure by Dave Shackleford hytrust.com Cloud Under Control P: P: 650.681.8100 Securing data has never been an easy task. Its challenges

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

Virtual Private Cloud-as-a-Service: Extend Enterprise Security Policies to Public Clouds

Virtual Private Cloud-as-a-Service: Extend Enterprise Security Policies to Public Clouds What You Will Learn Public sector organizations without the budget to build a private cloud can consider public cloud services. The drawback until now has been tenants limited ability to implement their

More information

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)

More information

Introduction to Virtualization. Virtualization

Introduction to Virtualization. Virtualization Introduction to Virtualization Prashant Shenoy Lecture 2, page 1 Virtualization Virtualization: extend or replace an existing interface to mimic the behavior of another system. Introduced in 1970s: run

More information

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS Server virtualization offers tremendous benefits for enterprise IT organizations server

More information

SPACK FIREWALL RESTRICTION WITH SECURITY IN CLOUD OVER THE VIRTUAL ENVIRONMENT

SPACK FIREWALL RESTRICTION WITH SECURITY IN CLOUD OVER THE VIRTUAL ENVIRONMENT SPACK FIREWALL RESTRICTION WITH SECURITY IN CLOUD OVER THE VIRTUAL ENVIRONMENT V. Devi PG Scholar, Department of CSE, Indira Institute of Engineering & Technology, India. J. Chenni Kumaran Associate Professor,

More information

Cloud Sure - Virtual Machines

Cloud Sure - Virtual Machines Cloud Sure - Virtual Machines Maximize your IT network The use of Virtualization is an area where Cloud Computing really does come into its own and arguably one of the most exciting directions in the IT

More information

The Review of Virtualization in an Isolated Computer Environment

The Review of Virtualization in an Isolated Computer Environment The Review of Virtualization in an Isolated Computer Environment Sunanda Assistant professor, Department of Computer Science & Engineering, Ludhiana College of Engineering & Technology, Ludhiana, Punjab,

More information

CIT 668: System Architecture

CIT 668: System Architecture CIT 668: System Architecture Cloud Security Topics 1. The Same Old Security Problems 2. Virtualization Security 3. New Security Issues and Threat Model 4. Data Security 5. Amazon Cloud Security Data Loss

More information

CA ARCserve Replication and High Availability Deployment Options for Hyper-V

CA ARCserve Replication and High Availability Deployment Options for Hyper-V Solution Brief: CA ARCserve R16.5 Complexity ate my budget CA ARCserve Replication and High Availability Deployment Options for Hyper-V Adding value to your Hyper-V environment Overview Server virtualization

More information

SERVER 101 COMPUTE MEMORY DISK NETWORK

SERVER 101 COMPUTE MEMORY DISK NETWORK Cloud Computing ก ก ก SERVER 101 COMPUTE MEMORY DISK NETWORK SERVER 101 1 GHz = 1,000.000.000 Cycle/Second 1 CPU CYCLE VIRTUALIZATION 101 VIRTUALIZATION 101 VIRTUALIZATION 101 HISTORY YEAR 1800 YEARS LATER

More information